
Enterprise Cybersecurity Risk Management and Compliance Lead

2 months ago


Springfield, United States Rigil Corporation Full time
Role: Enterprise Cybersecurity Risk Management and Compliance Lead

About Rigil
Rigil is an award-winning, woman-owned, small business that specializes in technology consulting, strategy consulting and product development. We value teamwork and strive to build strong leaders.

Location: Springfield, VA 22150
Job Type: Full Time

Job Description:
The area of responsibility for the lead includes, but is not limited to: FISMA Inventory Management; Enterprise Common Controls Program; Enterprise Cybersecurity Governance, Risk, and Compliance Support; DHS Cybersecurity Governance; Policy, Procedures, Guidance, Templates Management; Security Authorization; and POA&M Oversight. The lead is responsible for monitoring the performance of staff and the quality of deliverables for the assigned task area.

FISMA Inventory Management: Strengthen data quality through increased automation in the Department's system of record, customization of additional agency-defined data items, and improved workflows. Provide maintenance, development, support, and recommendations for old and new initiatives pertaining to FISMA Inventory using efficient, new, cost-effective processes and technologies of the DHS FISMA Compliance Tool and front-end applications. Lead in automation and development of all stages of the Inventory Workflow Process (i.e., the Inventory Change Request (ICR), reporting, and all approval processes in current and new platforms). Develop, maintain, and update policies and standard operating procedures for all inventory tasks and reporting. Keep up-to-date internal SOP/documentation of all Inventory processes in Microsoft Teams or any other applications in use (shared folders/drives, SharePoint, etc.) as specified by the Federal Lead. Plan, host, and coordinate Component Inventory Quarterly Discovery Meetings to obtain general organizational information and updates, additions, or modifications to the Component FISMA Inventory for the purpose of system discovery. Conduct reviews, maintain, and update the FISMA Inventory to ensure that all system categorizations and data align with all data sources. Capture and maintain a list of third-party systems and External Information Systems (EIS) that process or store DHS data in accordance with OMB directives. Ensure that all EISs are captured in the DHS FISMA Compliance Tool and adhere to requirements set forth by the DHS FISMA System Inventory Methodology and any other relevant policies.

Generate and automate monthly and quarterly reports pertaining to FISMA Inventory, including but not limited to the Monthly Inventory Report for the Enterprise Cybersecurity Governance Division, Component monthly reports, and Special Designation Reports such as Cloud, Financial, High-Value Assets (HVA), and Mission Essential systems. Prepare documentation such as the inventory breakdown per Component, Component brief, report schedules, and executive summary reports for each DHS Component before and after Component Inventory Quarterly Discovery Meetings. Ensure the proper forms and supporting documentation are submitted via the correct workflow, with the appropriate signatures (i.e., CISO, CFO, etc.) to track/manage inventory changes and Federal approvals (i.e., Compliance Designees, Capital Planning and Investment Control (CPIC) Admin Team, FISMA Inventory Management Team, etc.) before requests are processed in the DHS FISMA Compliance Tool. Process daily ICRs from DHS Components and maintain the FISMA Inventory Mailbox. Research and provide responses to customer(s) on ICRs processed. Respond to all ServiceDesk and direct inquiries related to FISMA Inventory. Ensure that all requests are completed each month. Create/automate the Monthly ICR Report and include ICR metrics in the Monthly Inventory Report for the Enterprise Cybersecurity Governance Division. Create/update the Inventory Process and Training PowerPoint slide presentation as needed. Routinely update the DHS FISMA Inventory Change Request Form and DHS ICR How-To Instruction. Support and collaborate on general annual policy updates and process changes.

Provide responses in support of audits related to cybersecurity. Coordinate and follow up with Subject Matter Experts (SMEs) to generate responses, update, finalize, and submit cybersecurity reports. Gather responses, review/validate responses with SMEs, compile the report, and brief CISOD management. Prepare various reports and executive summaries, talking points, and PowerPoint slide decks for briefing to the CISO and CIO as required by CFO, OMB, and other executive directives. Provide support to the Federal Lead in all aspects of the FISMA Inventory Program. Maintain and update the DHS FISMA System Inventory Methodology. Recommend and implement improvements to the Methodology as approved by the Federal Lead. Maintain and update the FISMA Inventory and the back-end databases. Provide information/feedback for any updates to the ServiceNow Application contents as needed/required. Integrate current databases and applications/tools, and upgrade and migrate data to new tools. Provide support to the system boundary consolidation effort. Perform routine Inventory Management Support. Assist with the collection, coordination, consolidation, and analysis of data calls as needed by the Federal government. Provide developers with clear guidance regarding necessary changes and updates to the authorized application or platform. Supply a ServiceNow Developer to perform day-to-day upkeep and maintenance of ServiceNow, make necessary modifications, apply fixes to the back-end of the portal where applicable, and add new features and functionalities according to customer-provided priority.

Enterprise Common Controls Program: Provide oversight of all common control providers. Ensure that testing of common controls is being conducted in accordance with the Risk Management Framework and 4300 policy. Conduct annual reviews of Common Control Providers and Programs. Host the DHS Common Controls Working Group quarterly. Support and maintain the Common Control Implementation Guide, Common Controls Methodology, and training materials. Conduct formal Common Controls DHS-wide compliance training for HQ Components at least bi-annually. Provide monthly reporting on Common Control Providers and Programs. Review Control Implementation Statements in Component Programs for at least 3 providers each month (validate that Programs are not providing system-level implementations, or that they provide justification). Review, track, and report on all Program POA&Ms. Review Control Inheritance in consuming Systems for at least 3 systems per month. Review/track all providing systems for completion of annual assessments in the DHS FISMA Compliance Tool.

Enterprise Cybersecurity Governance, Risk, and Compliance Support: Develop and maintain Department-level cybersecurity policies that govern the implementation of the DHS Information Technology cybersecurity program. Risk Management and Governance establishes and implements standards and frameworks for identifying and managing FISMA and FedRAMP compliance, cybersecurity risks, and information system inventory across the Department.

DHS Cybersecurity Governance: Serve as an advisor to DHS Enterprise Cybersecurity Governance (ECG) Division personnel who represent DHS to external Government agencies and cybersecurity forums and discussions, as they relate to DHS Enterprise compliance activities. Develop Department-wide cybersecurity policies and standards based on DHS strategies and frameworks, including the Cybersecurity Framework, Risk Management Framework (RMF), NIST Artificial Intelligence (AI) RMF, Machine Learning, Robotic Processing Automation, SELC, Secure Development and IT Operations, the Cybersecurity Acquisition Lifecycle (Cyber ALF), and Internet of Things and Operational Technology (IoT/OT). Conduct research on newly released Presidential Executive Orders (EOs) and OMB Memos as they are issued. Review current DHS policies and procedures, and provide DHS Fed Leads with recommendations on meeting requirements identified in the memos, EOs, or both. Coordinate across DHS Offices, Lines of Business, and Components to develop and maintain requirements for system security documentation for enterprise IT infrastructures, platforms, hardware, and software. Provide responses in support of audits related to cybersecurity. Coordinate and follow up with SMEs to generate responses, update, finalize, and submit cybersecurity reports. Gather the responses, review/validate responses with SMEs, compile the report, and brief CISOD management. Prepare various reports and executive summaries, talking points, and PowerPoint slide decks for briefing to the CISO and CIO as required by CFO, OMB, FNR, and other executive directives. Develop and oversee the process, procedures, work instructions, and documentation (i.e., templates) to support the DHS Cybersecurity Risk Management Framework (RMF) functional areas for the Department.

Policy, Procedures, Guidance, Templates Management: Identify improvements and propose updates for the DHS 4300 Policy series, policy attachments, memos, and any other directives impacting the agency's cybersecurity posture. Provide recommendations for policy updates for areas applicable to Security Authorization, POA&M and management of known and identified findings, Ongoing Authorization, and Document Review. Maintain, update, or revamp the SA Guides, DR Methodologies and checklists, and Templates (FIPS 199 workbook, E-Authentication, Security Assessment Report (SAR), Security Assessment Plan (SAP), Risk Assessment (RA), Configuration Management (CM), Contingency Plan (CP)/CP Test, Business Impact Analysis (BIA), etc.). Develop and oversee the process, procedures, work instructions, and documentation (i.e., templates) to support the DHS Cybersecurity Risk Management Framework (RMF) functional areas for the Department. Perform gap analysis; recommend efficiencies; and streamline, modernize, automate, standardize, and document cybersecurity processes (including but not limited to Security Authorization, Risk Management, Ongoing Authorization, Continuous Monitoring, Weakness Management, and Document Review) and methodologies to be employed across HQ Components. Develop, update, and maintain internal Standard Operating Procedures for executing the system compliance review methodology. Ensure that documents reviewed are complete and up to date with OMB and Federal Information Security Management Act (FISMA) reporting requirements and the DHS Information System Security Plan (ISPP).

General (Reporting, Planning, and Maintaining): Provide situational awareness of cybersecurity risks in support of the Department's IT governance and enterprise risk management activities. Collaborate with DHS Components, offices, and programs within DHS to identify, develop, and implement cybersecurity program best practices and general guidance for use across the federal government, including the identification of tools and technologies that improve processes and introduce efficiencies to cybersecurity programs across DHS (e.g., integration of GenAI or other AI/ML technologies). Coordinate and follow up with SMEs to generate responses, update, finalize, and submit cybersecurity reports. Gather, review, and validate responses with SMEs, compile the report, and brief CISOD management. Collaborate with other teams to ensure that cybersecurity processes are effectively maintained and tracked. Conduct research on cyber threats, assess the protections in place to mitigate them, and determine and document risks to DHS assets in a corresponding Risk Assessment Report. Support and provide responses for internal or external audit inquiries, including FISMA evaluations, Financial Internal Control audits, and audit requests from the General Accountability Office (GAO) or Office of the Inspector General. Develop dashboards and reports for executive or managerial briefings on enterprise governance and compliance-related matters. Provide support to Fed Leads by attending meetings/working groups that impact cybersecurity risk, governance, and compliance for DHS. Conduct and deliver Risk Assessment Reports, determining the overall risk profile, gaps in meeting or adhering to FedRAMP requirements, threats, impact, and likelihood of a security compromise. Identify and recommend compensating measures to mitigate risks to an acceptable level. Maintain logs of all review activities, and develop and recommend metrics to improve the Department's overall information security posture and performance.

Security Authorization: Research and identify efficiencies to mature the DHS security authorization (SA) process and develop recommendations to implement solutions into the current SA process, including traditional Authority to Operate (ATO), Ongoing Authorization, ATO with conditions, FedRAMP authorizations, Reciprocity, etc. Standardize the Security Authorization and Risk Management process to follow an agile, streamlined security authorization model characterized by efficient processes and delivering value, visibility, and adaptability to the organization. Perform document review (DR) and validate that documents submitted for SA meet DHS standards, including initial authorizations, reauthorizations, ongoing authorization, and any other type of SA process defined within DHS. Conduct SA document quality reviews and assess completeness based on established criteria and DHS quality standards, ensuring that applicable DHS and NIST controls have been properly documented. Documents, artifacts, and implementations to be reviewed include, but are not limited to, the Security Assessment Plan, Security Assessment Report, System Security Plan, Plan of Actions and Milestones, Business Impact Assessments (BIA), Contingency Plans (CP), and Contingency Plan Testing (CPT). Develop, maintain, and update the document review methodology and annual review criteria as required, including recommendations on the scope and process of the reviews. Provide weekly/monthly/quarterly/annual/ad hoc reports on the DR reviews conducted and issues resolved or outstanding, meeting minutes, and user feedback, and propose process improvements to the Federal DR Team Lead. Collaborate with Component and system personnel to address SA document reviews, questions, and issues identified. Provide system security expertise to assist ISSOs and system stakeholders with the development and maintenance of system security documentation. Review, track, and distribute weekly/monthly reports on CP/CPTs that are expired, expiring in 30 days, and expiring in 60 days for HQ Components. Also track and report monthly to DHS Components on Privacy documents that are expired or expiring. Provide customer service support to DHS HQ Components by responding to DHS Helpdesk tickets that pertain to DR and SA-related activities.

Oversight of Enterprise Plan of Actions and Milestones (POA&Ms) Program: Manage and maintain the Department's official repository for POA&Ms to address weaknesses disclosed by FISMA evaluations, Financial Internal Control audits, security control assessments, and Continuous Monitoring activities. Develop, maintain, and update POA&M operating procedures to review POA&M weakness remediation activity for effectiveness and quality. Develop strategies for evaluating overall Department and Component risks associated with outstanding weaknesses. Conduct weekly POA&M monitoring and review to ensure mitigation due dates do not expire, and work with DHS Component representatives to ensure POA&M accuracy and timely closures.

Artificial Intelligence/Machine Learning: Develop and manage cybersecurity training materials and resources to provide guidance regarding the implementation and use of various AI/ML technologies (e.g., GenAI) across DHS environments. Work with the Fed Lead and other DHS offices to identify, develop, and plan for the integration of AI/ML technologies within DHS environments. Perform evaluations of AI/ML technologies to determine how the tools can be safely utilized by DHS personnel. Prepare risk recommendation packages (e.g., risk assessment, tools evaluation, decision memo, etc.) for review by management and leadership.

Training Program: Coordinate and collaborate with the Cybersecurity Awareness Training Branch to provide subject matter expertise on Federal and Department-wide cybersecurity policies and standards, strategies, and frameworks, to include the Cybersecurity Risk Management Framework (RMF), NIST Artificial Intelligence (AI) RMF, Machine Learning, Robotic Processing Automation, SELC, Security Development Operations (SecDevOps), and the Cybersecurity Acquisition Lifecycle (Cyber ALF).

Minimum Qualifications:
Bachelor's Degree in Computer Science or related field. Minimum 10 years of relevant experience. Must currently hold an active SECRET clearance.

We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.
